Atty. Docket No. CISCO-3096 (032590-1 18) 

Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings of claims in the 
application: 

1-51 (Canceled) 

52. (Previously Presented) An access server capable of allowing subscribers of a 

communications system to gain exclusive access to a domain site associated with a virtual 
circuit, said access server comprising: 

a memory device capable of storing a domain list table and a tunnel ID table, said domain 
list table including a plurality of virtual circuit identifiers and associated domain site 
identifiers, said tunnel ID table including a plurality of domain names and associated 
tunnel IDs; 

an authorized domain list determiner capable of determining an authorized domain list based 
upon said domain list table and a domain site identifier within a PPP authentication 
request, said PPP authentication request received on a virtual circuit having a virtual 
circuit identifier; 

an assessor capable of determining whether said domain site identifier within said PPP 

authentication request is in said domain list; 
a tunnel ID determiner capable of determining a tunnel ID based upon said tunnel ID table 

and said domain site identifier; and 
an authorizer capable of granting subscribers domain site access based upon said authorized 

domain list. 
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53. (Previously Presented) The access server of claim 52, further comprising: 

a receiving interface capable of accepting said PPP session authentication request; and 
a forwarding interface capable of forwarding said PPP session on a tunneling session 
associated with said tunnel ED. 

54. (Original) The access server of claim 53 wherein said tunneling session comprises an L2TP 
session. 

55. (Original) The access server of claim 54 wherein said virtual circuit identifier comprises a 
Virtual Path Identifier (VPI) / Virtual Channel Identifier (VCI). 

56. (Original) The access server of claim 52 wherein said first receiving interface comprises at 
least one access multiplexer, each access multiplexer having a plurality of inputs for 
receiving a service request, each of said inputs being associated with a particular subscriber 
virtual circuit. 

57. (Previously Presented) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites, comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled 
to at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 
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determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites for a virtual circuit through 
which said L2TP session is received, said determining comprising: 
issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes domain site identifiers of authorized 

domain sites for said virtual circuit identifier; 
indicating said domain site is unauthorized when said domain site identifier included in 

said L2TP session is not in said authorized domain list; 
indicating said domain site is authorized when said domain site identifier is in said 

authorized domain list; 
issuing a tunnel ID request including said domain site identifier when said domain site 

is authorized; 
receiving a tunnel ID; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel ID when said subscriber is authorized to access said 
domain site. 

58. (Previously Presented) The method of claim 57 wherein 

said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 
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59. (Previously Presented) The method of claim 57 wherein said virtual circuit identifier 
comprises a VPI/VCI identifier. 

60. (Previously Presented) A method for controlling subscriber access in a network capable of 
establishing connections with a plurality of domain sites, comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled 
to at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 
determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites for a virtual circuit through 
which said L2TP session is received, said determining comprising: 
performing a table lookup based on a virtual circuit identifier to obtain an authorized 

domain list that includes domain site identifiers of authorized domain sites for said 

virtual circuit identifier; 
indicating said domain site is unauthorized when said domain site identifier included in 

said L2TP session is not in said authorized domain list; 
indicating said domain site is authorized when said domain site identifier included in 

said L2TP session is in said authorized domain list; 
performing a table lookup based on said domain site identifier to obtain a tunnel ID 

when said domain site is authorized; and 
assigning said tunnel ID; and 
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authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel ID when said subscriber is authorized to access said 
domain site, 

61. (Previously Presented) The method of claim 60 wherein said virtual circuit identifier 
comprises a VPI/VCI identifier. 

62. (Previously Presented) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
access in a network capable of establishing connections with a plurality of domain sites, the 
method comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled 
to at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 

determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites for a virtual circuit through 
which said L2TP session is received, said determining comprising: 
issuing an authorized domain list request including a virtual circuit identifier; 
receiving an authorized domain list that includes authorized domain site for said virtual 
circuit identifier; 
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indicating said domain site is unauthorized when said domain site identifier included in 

said L2TP session is not in said authorized domain list; 
indicating said domain site is authorized when said domain site identifier included in 

said L2TP session is in said authorized domain list; 
issuing a tunnel ID request including said domain site identifier when said domain site 

is authorized; 
receiving a tunnel ID; and 
assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel ID when said subscriber is authorized to access said 
domain site. 

63. (Previously Presented) The program storage device of claim 62 wherein 
said authorized domain list request is serviced by an AAA server; and 
an AAA server services said tunnel ID request. 

64. (Previously Presented) The program storage device of claim 62 wherein said virtual circuit 
identifier comprises a VPI/VCI identifier. 

65. (Previously Presented) A program storage device readable by a machine, embodying a 
program of instructions executable by the machine to perform a method to control subscriber 
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access in a network capable of establishing connections with a plurality of domain sites, the 
method comprising: 

receiving an L2TP session from a subscriber using a first communication network coupled 
to at least one other communication network, said L2TP session optionally including a 
domain site identifier associated with a domain site on said at least one other 
communication network; 
determining whether said subscriber is authorized to access said domain site based upon said 
domain site identifier and a list of authorized domain sites for a virtual circuit through 
which said L2TP session is received, said determining comprising: 
performing a table lookup based on a virtual circuit identifier to obtain an authorized 

domain list that includes domain site identifiers of authorized domain sites for said 

virtual circuit identifier; 
indicating said domain site is unauthorized when said domain site identifier included in 

said L2TP session is not in said authorized domain list; 
indicating said domain site is authorized when said domain site identifier included in 

said L2TP session is in said authorized domain list; 
performing a table lookup based on said domain site identifier to obtain a tunnel ID 

when said domain site is authorized; and 

assigning said tunnel ID; and 
authorizing subscriber access to said domain site when said domain site identifier is included 
in said authorized domain list, wherein said L2TP session is forwarded onto a 
tunnel associated with said tunnel ID when said subscriber is authorized to access said 
domain site. 
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66. (Previously Presented) The program storage device of claim 65 wherein said virtual circuit 
identifier comprises a VPI/VCI identifier. 

67 - 74 (Canceled) 
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